Cyber-crooks behind the notorious Dyre malware have set their sights on customers of 17 Spanish banks, researchers from IBM Security’s X-Force team have warned.
First spotted in 2014, Dyre targets banks all over Europe, apart from those in Russia and former Soviet republics. However, a new Trojan configuration file analysed by the IBM team suggests that the malware is gearing up for a concerted assault on Spanish banks, expanding its targets from around five to 17.
IBM Security says that Dyre is one of the most advanced pieces of malware active in the wild because of its rich feature set and its constant updates, which are designed to evade detection by anti-virus and static security mechanisms. The team behind the malware is described as experienced and savvy, acting as a "private gang" that does not deal with other crooks on underground forums.
The gang targets corporate bank accounts, breaching systems to gather information and using a "Swat team" to make phone calls and deploy social engineering techniques before making large illegal wire transfers, usually of at least $500,000.
The IBM researchers are warning that Spanish banks are now at particular risk and that they can expect an infection campaign via malware-laden emails. Customers should be alerted but "the campaigns are bound to raise the infection rates in the country and result in an increase in fraudulent transactions".